Using SSL Certificates on Your VPS

Implementing SSL certificates on your VPS is essential for securing data transfer between your website and its visitors. Follow these steps to install and configure SSL certificates on your VPS.


Step 1: Choose an SSL Certificate

  • Select the Type of SSL Certificate:
    • Decide between a single-domain, wildcard, or multi-domain SSL certificate based on your needs.
    • Purchase the certificate from a reputable Certificate Authority (CA).

Step 2: Generate a Certificate Signing Request (CSR)

  • Log in to Your VPS:

    • Access your VPS via SSH using a terminal or an SSH client.
  • Create the CSR:

    • Use OpenSSL to generate a CSR and a private key. Run the following command:
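      openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    • Replace yourdomain with your actual domain name. The -nodes option writes the private key to disk unencrypted, so keep yourdomain.key readable only by its owner.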
  • Enter Required Information:

    • Follow the prompts to provide information such as country, state, organization name, and domain name. Ensure that the Common Name (CN) matches your domain.
  • Locate Your CSR:

    • After generating the CSR, you will find it in the current directory as yourdomain.csr, with your private key alongside it as yourdomain.key. Only the CSR is sent to the CA; the private key stays on the server.

Step 3: Submit the CSR to Your Certificate Authority

  • Submit the CSR:

    • Log in to your account with the Certificate Authority where you purchased the SSL certificate.
    • Paste the content of yourdomain.csr into the appropriate field to request your SSL certificate.
  • Complete the Domain Validation:

    • Follow the CA’s instructions to complete domain validation. This may involve receiving an email at an admin address associated with your domain.

Step 4: Download and Install the SSL Certificate

  • Download Your SSL Certificate:

    • Once validated, download the issued SSL certificate files from the CA.
  • Upload Certificate Files to Your VPS:

    • Use SCP or an FTP client to upload the certificate files (e.g., yourdomain.crt and any intermediate certificates) to your VPS, typically in the /etc/ssl/certs directory. Plain FTP sends login credentials unencrypted, so SCP is the safer choice.
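
Before the web server is pointed at these files, it helps to confirm that they belong together. The shell function below is an added example, not part of the original article; the name check_tls_files, the 30-day expiry threshold and the owner-only permission rule are assumptions chosen for illustration.

```shell
# Added example: pre-flight checks on the files from Steps 2-4.
# Usage: check_tls_files CERT KEY [INTERMEDIATE]   (returns 0 only if all checks pass)
# The body runs in a subshell, so its variables do not leak into the caller.
check_tls_files() (
    cert=$1; key=$2; chain=${3:-}; rc=0
    fail() { echo "FAIL: $1"; rc=1; }

    # 1. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok:   certificate and private key match"
    else
        fail "certificate does not match private key (or a file is unreadable)"
    fi

    # 2. The certificate must still be valid 30 days from now (assumed threshold).
    if openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "ok:   certificate valid for at least 30 more days"
    else
        fail "certificate expires within 30 days, has expired, or is unreadable"
    fi

    # 3. The private key must not be accessible to group or other users.
    perms=$(ls -lL "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo "ok:   private key permissions are owner-only"
    else
        fail "private key is accessible to group/other; run: chmod 600 $key"
    fi

    # 4. Optional: the supplied intermediate must be the issuer that signed the certificate.
    if [ -n "$chain" ]; then
        if openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1; then
            echo "ok:   certificate is signed by the supplied intermediate"
        else
            fail "certificate does not chain to the supplied intermediate"
        fi
    fi
    exit "$rc"
)
```

With the paths used in this guide, the call would be check_tls_files /etc/ssl/certs/yourdomain.crt /etc/ssl/private/yourdomain.key /etc/ssl/certs/intermediate.crt, run as a user that can read the key.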

Step 5: Configure Your Web Server to Use SSL

  • For Apache:

    • Open your Apache configuration file. This might be located at /etc/httpd/conf.d/ssl.conf or /etc/apache2/sites-available/default-ssl.conf.
    • Add or update the following lines:
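      <VirtualHost *:443>
          ServerName yourdomain.com
          DocumentRoot /var/www/html

          SSLEngine on
          SSLCertificateFile /etc/ssl/certs/yourdomain.crt
          SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
          # Deprecated since Apache 2.4.8, where intermediates can be appended to SSLCertificateFile instead.
          SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
      </VirtualHost>
    • Replace the paths and domain name with your actual values. The SSLCertificateKeyFile path must point to wherever you stored the yourdomain.key file generated in Step 2.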
  • For Nginx:

    • Open your Nginx configuration file, typically located in /etc/nginx/sites-available/default or /etc/nginx/conf.d/default.conf.
    • Add or update the following lines:
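      server {
          listen 443 ssl;
          server_name yourdomain.com;

          # Must contain your certificate followed by the intermediate(s):
          # nginx sends clients only what is in this file.
          ssl_certificate /etc/ssl/certs/yourdomain.crt;
          ssl_certificate_key /etc/ssl/private/yourdomain.key;
          # Verifies OCSP responses and client certificates; not sent to clients.
          ssl_trusted_certificate /etc/ssl/certs/intermediate.crt;

          location / {
              root /var/www/html;
              index index.html index.htm;
          }
      }
    • Again, replace the paths and domain name with your actual values. The ssl_certificate_key path must point to wherever you stored the yourdomain.key file generated in Step 2.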

Step 6: Test the SSL Installation

  • Restart Your Web Server:

    • For Apache (on systems that use /etc/httpd, the service is named httpd instead of apache2):
      sudo systemctl restart apache2
    • For Nginx:
      sudo systemctl restart nginx
  • Check Your SSL Configuration:

    • Use online SSL checking tools such as SSL Labs’ SSL Test to ensure that your certificate is correctly installed and configured.
  • Verify in a Browser:

    • Visit your website using https://yourdomain.com and look for the padlock icon in the browser's address bar, indicating that the SSL certificate is active.

Step 7: Set Up Automatic Renewal (Optional for Let’s Encrypt)

  • Install Certbot:

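    • If you are using Let’s Encrypt, install Certbot to manage SSL certificates automatically:
      sudo apt install certbot
    • The --apache and --nginx options used below also need the matching Certbot plugin package (python3-certbot-apache or python3-certbot-nginx on Debian and Ubuntu).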
  • Request a Let’s Encrypt Certificate:

    • Use Certbot to automatically obtain and install the certificate:
      sudo certbot --apache
    • For Nginx, use:
      sudo certbot --nginx
  • Schedule Automatic Renewal:

    • Certbot automatically sets up a scheduled renewal job (a cron job or, on many systems, a systemd timer). You can verify that renewal will work, without changing any certificates, by running:
      sudo certbot renew --dry-run

By following these steps, you can effectively secure your VPS with SSL certificates, ensuring safe data transfer for your users. Regularly monitor your SSL certificate’s validity and renew it as needed to maintain a secure environment.
